Run: PwnKit mitigation - Removing SUID permissions on pkexec - WITH MITIGATION
0 Votes |
Description
This task will remove the SUID-bit from pkexec file.
It is a generic command that can be deployed on all Linux-based endpoints
chmod 0755 /usr/bin/pkexec
You should favor patching the OS with the security update released by the vendor for any supported system, and only when this is not a viable solution, to use the mitigation approach.
Removing the SUID-bit form the pkexec file may have a negative impact on any applications.
Use this task to perform mitigation with care and test thoroughly in your environment.
Property Details
26905 | |
Beta - Preliminary testing ready for more | |
Run: PwnKit mitigation - Removing SUID permissions on pkexec - WITH MITIGATION | |
BESC | |
Workaround | |
Community Content | |
Important | |
1/28/2022 12:00:00 AM | |
CVE-2021-4034 | |
CVE-2021-4034 BETA | |
brolly33 on 2/1/2022 6:38:23 AM | |
brolly33 on 2/1/2022 6:38:23 AM | |
2116 Views / 6 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Relevance
Used in 1 fixlet | * Results in a true/false |
exists file "/usr/bin/pkexec" and mode of file "/usr/bin/pkexec" as string != "rwxr-xr-x"
Actions
Action 1 (default)
Action Link Click
here to deploy this action.
Script Type
BigFix Action Script
// Enter your action script hereSuccess Criteria
wait "/bin/bash" -c "chmod 0755 /usr/bin/pkexec"
This action will be considered successful when all lines of the action script have completed successfully.
Sharing
Social Media: |